How to decode a cookie from the header of a websocket connection handshake? (Ruby)

穿精又带淫゛_ 提交于 2020-01-10 04:14:27

问题


I am running a Sinatra app within an EventMachine.run loop and in my ws.onopen method I wish to check the handshake header's cookie to ensure that the incoming request is coming from a registered user of my webapp.

My Sinatra app includes the following:

use Rack::Session::Cookie,  :key => COOKIE_KEY,
                            :path => '/',
                            :expire_after => 2592000, #30 days
                            :secret => COOKIE_SECRET

and my ws.onopen method looks like this (trimmed)

ws.onopen { |handshake|
  cookie, bakesale = handshake.headers['Cookie'].split('=')
  rack_cookie = Rack::Session::Cookie.new(MyApp, {
    :key => COOKIE_KEY,
    :path => '/',
    :expire_after => 2592000, #30 days
    :secret => COOKIE_SECRET
  })
  decoded = rack_cookie.coder.decode(bakesale)
  puts "decoded: #{decoded}"

}

The value of cookie matches my COOKIE_KEY just fine, however the value of decoded is nil

How should I decode the incoming cookie data?

-- some time later --

I've changed the above slightly to

ws.onopen { |handshake|
  cookie, bakesale = handshake.headers['Cookie'].split('=')
  rack_cookie = Rack::Session::Cookie.new(MyApp, {
    :key => COOKIE_KEY,
    :path => '/',
    :expire_after => 2592000, #30 days
    :secret => COOKIE_SECRET,
    :coder => Rack::Session::Cookie::Base64.new
  })

  puts rack_cookie.coder.decode(bakesale)

}

and that outputs

?q?[?????ov??????to?Z???294cb6e2b95e9?##v3???#c&F3#SC?CSC#CSs?c3sSCCs?cCm;FI"__FLASH__;F{I" user;FU:Moped::BSO?㣤?&?V7D?B!

which looks like it needs marshalling.

However Marshal.load (rack_cookie.coder.decode(bakesale)) throws an exception, saying dump format error for symbol(0x10)

-- and even more time later --

I also tried rack_cookie.coder.decode(bakesale.split('--').first)

which resulted in

??H?d????=?d:ETI"E7ce599b294cb6e2b95e9?##v3???#c&F3#SC?CSC#CSs?c3sSCCs?cCm;FI"__FLASH__;F{I" user;FU:Moped::BSO?㣤?&?V7D?B!

So as you can see, there is a minor difference, but either way I need to somehow turn that into a valid hash.

Marshal.load(rack_cookie.coder.decode(bakesale.split('--').first)) still results in dump format error for symbol(0x10) either way.

So I feel I'm closer, but no cigar as yet.


回答1:


The answer is to use Rack::Utils.unencode.

I now have this working

Marshal.load(rack_cookie.coder.decode(Rack::Utils.unescape(bakesale.split('--').first))) decodes perfectly to the hash I need, allowing me to extract the user ID. W00t!

Many thanks to User spastorino over at https://github.com/rack/rack/issues/551 for pointing me in the right direction.



来源:https://stackoverflow.com/questions/16312024/how-to-decode-a-cookie-from-the-header-of-a-websocket-connection-handshake-rub

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!